Google Play Data Safety Violation

We found an issue in the following area(s):

  • SPLIT_BUNDLE 16: Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)

I am in the dark. I collect absolutely no data from the user. There are no Ads in my program. Does perhaps Thunkable have some boilerplate code that triggered Google Plays alarms? Any direction would be appreciated.

Hi @robertrobinson48276k, thanks for posting. It is possible that while you, as the app developer, are not collecting any data, there may be components within your app that are collecting data and this is what Google has flagged (e.g a web viewer). Unfortunately, Google does tend to check and flag issues asynchronously–your app may be flagged after publication as well on a later version.

Would you be able to share the link to your project with us? Without that, it will be hard to get you the more specific answer you deserve.

Thank you!

Matt @ Thunkable

Thank you for your time. I found the answer in another thread. When Thunkable tracks when the app is downloaded etc… it collects a heck of a lot of data on the user. So though I personally was not collecting data, Thunkable was, so Google Play was right. A list of the data collected is in the other thread. Thanks again.

@robertrobinson48276k What was the thread you found that information in? Just wanting to see that for my own curiousity.

I can’t seem to locate the thread again, bit this is what I gleaned/copied from it:

Data is not encrypted

  • IP address, which may be used to estimate the general location of a device.

  • Non-user related crash logs, which may be used to diagnose problems and improve the SDK. Diagnostic information may also be used for advertising and analytics purposes.

  • User-associated performance data such as app launch time, hang rate, or energy usage, which may be used to evaluate user behavior, understand the effectiveness of existing product features, and plan new features. Performance data may also be used for displaying ads, including sharing with other entities that display ads.

  • A Device ID such as the device’s advertising identifier or other app-bounded device identifiers, which may be used for the purpose of third-party advertising and analytics.

  • Advertising data, such as advertisements the user has seen, may be used to power analytics and advertising features.

  • Other user product interactions like app launch taps, and interaction information, like video views, may be used to improve advertising performance.

Google have reject my app with this problem

Issue details

We found an issue in the following area(s):

  • SPLIT_BUNDLE 1: Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)

My app don’t collect any data.
apple is no problem.
How i check? what a problem?

My app

the SDK collects statistics. Following is a possible list of what information Thunkable collects. If you copy and paste, it might suffice.

Data is not encrypted

Data may be deleted by user.

  • IP address, which may be used to estimate the general location of a device.

  • Non-user related crash logs, which may be used to diagnose problems and improve the SDK. Diagnostic information may also be used for advertising and analytics purposes.

  • User-associated performance data such as app launch time, hang rate, or energy usage, which may be used to evaluate user behavior, understand the effectiveness of existing product features, and plan new features. Performance data may also be used for displaying ads, including sharing with other entities that display ads.

  • A Device ID such as the device’s advertising identifier or other app-bounded device identifiers, which may be used for the purpose of third-party advertising and analytics.

  • Advertising data, such as advertisements the user has seen, may be used to power analytics and advertising features.

  • Other user product interactions like app launch taps, and interaction information, like video views, may be used to improve advertising performance.

I NEED HELP WITH THE SAME ISSUE, PLEASE…


App Status: Rejected

Your app has been rejected and wasn’t published due to the policy issue(s) listed below. If you submitted an update, the previous version of your app is still available on Google Play.

Issue found:

Invalid Data safety form

We reviewed your app’s Data safety form in Play Console and found discrepancies between it and how the app collects and shares user data. All apps are required to complete an accurate Data safety form that discloses their data collection and sharing practices - this is required even if your app does not collect any user data.

We detected user data transmitted off device that you have not disclosed in your app’s Data safety form as user data collected.

You must ensure that your app’s Data safety section accurately reflects your app’s data collection, sharing, and handling practices. This includes data collected and handled through any third-party libraries or SDKs used in your app. When available, we’ve included details on SDKs that contain code similar to the code in your APK that may be sending user data off device. You can check if your app uses any of these SDKs, but note that this list of SDKs may not be exhaustive. You must review and account for all data collected and shared by your app.

Issue details

We found an issue in the following area(s):

  • SPLIT_BUNDLE 16: Policy Declaration - Data Safety Section: Location Data Type - Precise Location, Possible SDKs: com.intentsoftware.addapptr.subsdk:AdColony

About the Data safety section in Google Play User Data policy

Your app must be in compliance with this policy. If your app continues to be non-compliant, your app updates will be rejected and your app may face additional enforcement actions in the future.

Please make changes to align your app’s Data safety form with the app’s behavior. This can be done by either:

  • Updating your form in Play Console to declare collection of Data Types noted below; or
  • Removing unwanted functionality and attributable code that collects this user data from your app or libraries used in your app, and when applicable to deactivate all non-compliant APKs.
    • To deactivate non-compliant APKS, you can create a new release and upload a compliant APK to each track containing the non-compliant APKs.
    • Be sure to increment the APK version code. If using staged rollout, be sure to set the release to 100% rollout.

Hello @mekasnoop4ui73ao!
Welcome to our community!
Sorry to hear you are having an issue with Google Play.
Do you use any of the following components?
Map
Push Notifications or
Web viewer

Thanks for coming to my aid.

I use Push Notifications

Hello @mekasnoop4ui73ao,
Welcome to our community!
Thank you for sharing more information.
Please click on the push notification settings and deactivate the Geolocation Permissions. :tada:
Then click submit and then re-publish your app

Good day! We have the same issue. Help me

Issue details

We found an issue in the following area(s):

  • SPLIT_BUNDLE 112: Policy Declaration - Data Safety Section: Location Data Type - Precise Location

However, in the email, it was stated that: SPLIT_BUNDLE 112: Policy Declaration - Data Safety Section: Location Data Type - Precise Location

We would like to inform you that our current working version used for clients is 145 (1.145.0). SPLIT_BUNDLE 112 is a version for closed testing, and we haven’t been using it for a long time.

In the App bundle explorer, we can indeed see that version 112 is active. Versions 95, 108, and 112 are also active.

  1. These versions are only used for internal closed testing and are not used for clients.
  2. These versions are not up to date, as we previously requested Location data when it was allowed. Now we are experiencing an issue with deactivating old versions that prevent us from submitting the current “Data safety”. Changes can only be submitted all at once.

My question. How can we deactivate versions 95, 108, and 112? Or what we must do in this situation? Thank you!

Hello @postkorolpj9u, welcome to the community!
Do you use push notifications, web viewer, or Map?
These can track also location. If yes, and you don’t want to track location you will need to deactivate that option as I shared in the screenshot above.
In case you want to continue tracking location you should update your privacy policy with the related information